Описание
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | needs-triage | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage |
Показывать по
EPSS
8.1 High
CVSS3
Связанные уязвимости
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
Applications that use UriComponentsBuilderto parse an externally provi ...
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
Уязвимость программной платформы Spring Framework, существующая из-за недостаточной валидации вводимых пользователем данных, позволяющая нарушителю осуществить SSRF-атаку
EPSS
8.1 High
CVSS3